Lecture Penetration testing: Attack

Chia sẻ: _ _ | Ngày: | Loại File: PDF | Số trang:22

Thêm vào BST

Báo xấu

10
lượt xem 4
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Lecture "Penetration testing: Attack" provide students with knowledge about: Exploitation; Password attack; Client-side exploitation; Social engineering;... Please refer to the detailed content of the lecture!

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Lecture Penetration testing: Attack

ATTACK
Contents  Exploitation  Password attack  Client-side exploitation  Social engineering
1. Exploitation  In the exploitation phase of the pentest, we run exploits against the vulnerabilities we have discovered to gain access to target systems.
Metasploit Payloads  payloads: payloads allow us to tell an exploited system to do things on our behalf Two popular types of shells:  Bind shells: the target machine opens up a communication port or a listener on the victim machine and waits for an incoming connection
Metasploit Payloads  Reverse shells: A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection
Types of payload  Staged Payload: setup a network connection between the attacker and victim and are designed to be small and reliable. Staged payloads allow us to use complex payloads without requiring a lot of space in memory  Eg: windows/shell/reverse_tcp
Types of payload  Inline Payloads (single): A single payload containing the exploit and full shell code for the selected task.  Eg: windows/shell_reverse_tcp
Types of payload  Meterpreter: It is loaded directly into the memory of an exploited process using a technique known as reflective dll injection.  It runs inside the memory of the host process.  Meterpreter also uses Transport Layer Security (TLS) encryption for communication between it and Metasploit
2. Password attack  Online Password attacks: we can use scripts to automatically attempt to log in to services and find valid credentials.  We’ll use tools designed for automating online password attacks or guessing passwords until the server responds with a successful login. These tools use a technique called brute forcing
Password attack  Wordlists: Before you can use a tool to guess passwords, you need a list of credentials to try. If you don’t know the name of the user account you want to crack, or you just want to crack as many accounts as possible, you can provide a username list for the password-guessing tool to iterate through
Password attack  User Lists: determine the client’s username scheme.  Password Lists: a list of possible users http://packetstormsecurity.com/Crackers/wordlists/ http://www.openwall.com/wordlists/ root@kali:~# hydra -L userlist.txt -P passwordfile.txt 192.168.20.10 pop3
Password attack
Password attack  Offline Password attacks: Another way to crack passwords (without being discovered) is to get a copy of the password hashes and attempt to reverse them back to plaintext passwords.
Password attack  John the Ripper: One of the more popular tools for cracking passwords is John the Ripper. The default mode for John the Ripper is brute forcing
 Dumping Plaintext Passwords from memory with windows Credential editor:
3. Client-side exploitation  Bypassing Filters with metasploit Payloads: in your pentesting career, you may encounter clients with all sorts of filtering setups. Even a reverse connection may not be able to get through the filters and connect back to your attack machine on just any port.  The Metasploit reverse_tcp_allportspayloads can help us find a port to connect to
Browser Exploitation:  Web browsers are made up of code to render web pages. Just as we can send malformed input to server software, if we open a web page with malicious code to trigger a security issue, we can potentially hijack execution in the browser and execute a payload.
PDF Exploits  A target has an outdated version of Adobe Reader 8.1.2 installed that is subject to CVE-2008-2992.  If a user can be enticed to open a malicious PDF in a vulnerable viewer, the program can be exploited